Yahoo email hijack possible with $700 XSS exploit

Yahoo reportedly has yet to fix vulnerable code that is allowing a hacker to sell a $700 exploit capable of undermining a cross-site scripting (XSS) issue in Yahoo's website. The company still is in search of the malicious URL that is being used to spread the inject, which would allow successful bidders to hijack Yahoo webmail users' accounts. The bug first was reported Friday by security blogger Brian Krebs, who wrote that the malicious marketer was offering to sell the exploit only to “trusted people,” so as to keep news of the flaw unknown to those aiming to patch it. A Yahoo spokesperson did not respond to a request for comment made by SCMagazine.com on Tuesday.

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.